public_v6:teredo

Differences

This view shows the differences between two versions of the page.

public_v6:teredo [2012/07/19 21:53]
admin created
public_v6:teredo [2017/01/24 18:49]
Line 1: Line 1:
- 
-===== Miredo-Server Konfiguration unter Ubuntu ===== 
-==== Zielkonfiguration ==== 
-Miredo-Server lauscht auf\\  
-''Interface: eth0\\  
-IPv4-Adr: 192.64.0.100 und 192.64.0.101'' 
-=== Installation === 
- 
-Miredo-Server installieren: 
-<code bash>$ sudo apt-get install miredo-server</code> 
- 
-=== Konfiguration === 
- 
-Die 2. IPv4-Adr. an IF binden: 
-<code bash>$ sudo ip -4 addr add 192.64.0.101/24</code> 
-In der ''/etc/miredo-server.conf'':  
-<code>ServerBindAddress 141.92.0.100</code> 
-"On the IPv6 side, no special setting should be needed. The server should 
-simply have a working IPv6 connectivity. It must be allowed to emit ICMPv6 
-packets with source in range 2001:0::/32 and destination within 2000::/3."(([[http://osdir.com/ml/network.ipv6.miredo.devel/2006-07/msg00003.html]] als PDF: {{:miredo_teredo.pdf|}})) 
- 
-===== Miredo-Server Starten ===== 
-<code bash>$ sudo /etc/init.d/miredo-server start</code> 
- 
-==== Links ==== 
- 
- 
-^ Link ^ Anmerkungen ^ 
-| [[http://www.symantec.com/avcenter/reference/Teredo_Security.pdf|Symantec-Paper]] |  | 
-|[[http://www.heise.de/netze/artikel/Teredo-bohrt-IPv6-Tunnel-durch-Firewalls-221537.html|Heise Artikel]]| Überblick über Protokoll und Konfiguration | 
-|[[http://www.remlab.net/miredo/| Miredo]]| Teredo Implementierung für Linux| 
-|[[http://tools.ietf.org/html/rfc4380|RFC 4380 - Teredo]]| RFC-Standard| 
-|[[http://www.microsoft.com/germany/technet/datenbank/articles/600330.mspx| Teredo-Überblick (Microsoft)]]| | 
-|[[http://technet.microsoft.com/en-us/library/ee844188(WS.10).aspx |Teredo-Troubleshooting (Microsoft) ]]| | 
- 
-[[http://www.hoggnet.com/Presentations/Microsoft%20IPv6-2007-09-17.pdf]] 
- 
-[[http://yorickdowne.wordpress.com/2008/01/26/ipv6-at-home-part-1-overview-teredo/]] 
- 
-[[http://msdn.microsoft.com/en-us/library/bb968771(VS.85).aspx]] 
- 
-[[http://msdn.microsoft.com/en-us/library/bb190948(v=VS.85).aspx]] 
- 
-[[http://www.brandontek.com/?p=100]] - Übersichtliche Darstellung des Adressaufbaus 
- 
-==== Snort-Regeln zur Teredo-Erkennung: ==== 
- 
- 
-Die ersten 2 Byte nach dem UDP-Header haben den Wert ''00'' ''01'' 
-Nach weiteren 8 Byte 'Origin Indication Header' folgt das IPv6 Paket, erkennbar am Bitmuster des Type Feld (byte_test:1,&,96,0) 
- 
-<code> 
-policy.rules:alert udp $HOME_NET any -> $EXTERNAL_NET 3544  
-(msg:"POLICY Outbound Teredo traffic detected"; flow:to_server;  
-content:" |01|"; depth:2; offset:8; byte_test:1,&,96,0;  
-reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx;  
-classtype:policy-violation; sid:12065; rev:2;) 
- 
-policy.rules:alert udp $EXTERNAL_NET 3544 -> $HOME_NET any  
-(msg:"POLICY Inbound Teredo traffic detected"; flow:to_server;  
-content:" |01|"; depth:2; offset:8; byte_test:1,&,96,0;  
-reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx;  
-classtype:policy-violation; sid:12066; rev:3;) 
-</code> 
- 
- 
- 
-<code> 
-policy.rules:alert udp $EXTERNAL_NET 3544 -> $HOME_NET any  
-(msg:"POLICY Inbound Teredo traffic detected"; flow:to_server;  
-content:"?|FE 83 1F|"; depth:4; offset:8; byte_test:1,&,96,0;  
-reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx;  
-classtype:policy-violation; sid:12068; rev:2;) 
- 
-policy.rules:alert udp $HOME_NET any -> $EXTERNAL_NET 3544  
-(msg:"POLICY Outbound Teredo traffic detected"; flow:to_server;  
-content:"?|FE 83 1F|"; depth:4; offset:8; byte_test:1,&,96,0;  
-reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx;  
-classtype:policy-violation; sid:12067; rev:2;) 
- 
-</code> 
- 
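Review bot: The Snort section's description and its rules disagree, so if this removed text is being moved elsewhere rather than dropped, it should be corrected first. The prose says the first 2 bytes after the UDP header are `00` `01`, but all four rules start matching at `offset:8`, and the first pair uses `content:" |01|"`, which begins with a literal space instead of `|00|`. The second pair uses `content:"?|FE 83 1F|"`, which the prose does not explain at all. Both inbound rules (sid 12066 and 12068) use `flow:to_server` for traffic coming from `$EXTERNAL_NET 3544`, which looks like the wrong direction for packets sent by a server on port 3544. In the configuration section, `ServerBindAddress 141.92.0.100` does not match the target addresses 192.64.0.100 and 192.64.0.101 given at the top. The command `ip -4 addr add 192.64.0.101/24` names no device, although the target interface is eth0. No replacement text appears in this revision, so please confirm that removing the detection rules and their references is intended.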
  
public_v6/teredo.txt · Last modified: 2017/01/24 18:49 (external edit)